IN THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1. (Currently Amended) A method for analyzing a threat to system security, comprising: 

identifying a threat agent having an existing access level attained by the threat agent in 
the course of an attack ; 

using the existing access level to analyze an attack path between the threat agent and an 
assetT-an d, including by: 

setting an updated access level initially to the existing access level; and 
iteratively comparing the updated access level with a required access level 
associated with a next attack along the attack path to determine whether the next attack 
along the attack path would be successful and, if so, updating the updated access level to 
equal a resulting access level associated with the next attack, until it is determined that 
the asset has been reached via the attack path or that no farther updating th e existing 
acc e ss l e vel if th e analysis of th e attack path b e tw ee n th e thr e at ag e nt and th e ass e t 
indicat e s that an attack along the path would be successful ; and 
in the event it is determined that the asset would be reached by the threat agent via the 
attack path, taking a responsive action in real time, prior to the asset actually being reached by 
the threat agent, the responsive action comprising a control or other countermeasure that results 
in the threat agent being rendered unable to reach the asset via the attack path , 

2. (Original) A method as recited in claim 1 wherein using the existing access level to 
analyze an attack path between the threat agent and an asset comprises identifying a vulnerability 
associated with the asset. 

3. (Original) A method as recited in claim 1 wherein using the existing access level to 
analyze an attack path between the threat agent and an asset comprises identifying an exploit 
method associated with a vulnerability associated with the asset. 
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4. (Original) A method as recited in claim 3 wherein the exploit method has associated with 
it a prerequisite access level required to use the exploit method to exploit the vulnerability 
successfully. 

5. (Original) A method as recited in claim 4 wherein using the existing access level to 
analyze an attack path between the threat agent and an asset comprises comparing the existing 
access level to the prerequisite access level. 

6. (Original) A method as recited in claim 4 further including determining whether a control 
affects the prerequisite access level. 

7. (Original) A method as recited in claim 3 wherein the exploit has associated with it a 
resulting access level that may be attained by using the exploit to exploit the vulnerability 
successfully. 

8. (Original) A method as recited in claim 7 further including determining whether a control 
affects the resulting access level. 

9. (Canceled) 

10. (Canceled) 

11. (Canceled) 
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12. (Original) A method as recited in claim 1 further including determining whether the asset 
is subject to compromise by the threat agent. 

13. (Original) A method as recited in claim 1 further including determining whether a control 
affects the existing access level of the threat agent. 

14. (Original) A method as recited in claim 13 further including updating the existing access 
level to reflect the affect of the control prior to using the existing access level to analyze an 
attack path between the threat agent and an asset. 

15. (Original) A method as recited in claim 1 wherein identifying a threat agent comprises 
receiving from a network security system or application data comprising an identification of the 
threat agent. 

16. (Original) A method as recited in claim 1 wherein identifying a threat agent comprises 
receiving from a network security system or application data that may be used to identify the 
threat agent. 

17. (Original) A method as recited in claim 1 further including providing output data 
reflecting a result of the analysis of the attack path. 

18. (Currently Amended) A method as recited in claim [[1]] 17 wherein the output data 
comprises a report of the highest level of access that has been or could be achieved by the threat 
agent through one or more attacks along the attack path. 
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19. (Original) A method as recited in claim 1 wherein using the existing access level further 
includes evaluating recorded data to determine the attack path. 

20. (Original) A method as recited in claim 1 wherein the attack path is determined by 
computing a transitive closure. 

21. (Currently Amended) A computer program product for analyzing a threat to system 

security, the computer program product being embodied in a computer readable medium and 

comprising computer instructions for: 

identifying a threat agent having an existing access level attained by the threat agent in 
the course of an attack ; 

using the existing access level to analyze an attack path between the threat agent and an 
assetr-and , including by: 

setting an updated access level initially to the existing access level; and 
iteratively comparing the updated access level with a required access level 
associated with a next attack along the attack path to determine whether the next attack 
along the attack path would be successful and, if so, updating the updated access level to 
equal a resulting access level associated with the next attack, until it is determined that 
the asset has been reached via the attack path or that no further updating th e existing 
access level if th e analysis of th e attack path b e tw e en th e thr e at ag e nt and th e ass e t 
indicat e s that an attack along the path would be successful ; and 
in the event it is determined that the asset would be reached by the threat agent via the 
attack path, taking a responsive action in real time, prior to the asset actually being reached by 
the threat agent, the responsive action comprising a control or other countermeasure that results 
in the threat agent being rendered unable to reach the asset via the attack path . 
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